Re: [squid-users] how to filter urls with the external_acl_type option?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 20 Jul 2011 13:34:34 +1200

 On Tue, 19 Jul 2011 12:57:27 -0700, Zael Rey wrote:
> Hello there I',m working in a script to filter with squid using:
>
> external_acl_type myAclType %SRC %URI
> /home/konrad/testing/myexternalacltype.pl
> acl MyAcl external myAclType
> http_access allow MyAcl
>
> this is the script I have and for some reason its not working :
>
> #!/usr/bin/perl -w
> $|=1;
> open(STDERR, ">/tmp/external_acl.log");

 STDERR gets sent to squid cache.log by default. No need for this.

> select(STDERR); $| = 1; # make unbuffered
> select(STDOUT); $| = 1; # make unbuffered
> print STDERR "INI: $$\n\n";;
>
>
> use MIME::Base64 ();
> while (<>) {
> print STDERR "<--- $_\n\n";;
> print "ERR\n";
> }
>
> Its supposed to block when it has ERR but it does not, it allows
> always can you tell my whats wrong pls.

 No. ERR means only that the ACL does not match. Will not be used, try
 another line, do not pass go.

  OK/ERR == true/false.

 Syntax is:
  http_access $ACTION $BOOLEAN-CONDITION

 So "http_access ** MyAcl" is a rule about what to do when MyACL is
 true. "OK".

 the NOT operator (!) can be added, or the allow/deny action can be
 changed. Giving you three outcomes of one line. ALLOWED/DENIED/SKIP.

 <snip>
> 2011/07/19 11:42:32| helperHandleRead: 4 bytes from myAclType #1.
> 2011/07/19 11:42:32| commSetSelect: FD 7 type 1
> 2011/07/19 11:42:32| commSetEvents(fd=7)
> 2011/07/19 11:42:32| helperHandleRead: 'ERR
> '
> 2011/07/19 11:42:32| helperHandleRead: end of reply found: ERR
>
 <snip>
> 2011/07/19 11:42:32| cbdataValid: 0xb94307e0
> 2011/07/19 11:42:32| aclCheck: checking 'http_access deny MyAcl'

 The cache.log also indicates that your earlier statement about
 squid.conf was wrong.

 The rule "http_access deny MyAcl" will block, whenever the ACL matches
 (ie produces "OK"). Otherwise it will be SKIP.

 Amos
Received on Wed Jul 20 2011 - 01:34:41 MDT

This archive was generated by hypermail 2.2.0 : Wed Jul 20 2011 - 12:00:03 MDT